EU to the US - you're in the wrong camp when it comes to data regulation and time's running out
- Summary:
- A leading European Commission representative strikes a 'come and join us' tone in Washington, but is anyone listening?
Digital economy tension between the European Commission and the White House has been increasing for several years. The tendency of various Commissioners to hector US legislators hasn’t helped, but then neither has the lax attitude to regulation from Washington.
Today the current occupant of the Oval Office openly talks of the European Union as an economic enemy of making America great again, while Europe lectures from its self-anointed moral high ground on topics such as digital taxation and data privacy, while slamming enormous fines on US tech giants, an action long regarded as protectionist on both sides of the aisle in Congress.
A recent bone of contention for many in US political circles was the introduction of the General Data Protection Regulation (GDPR), which some argue adds unnecessary cost burdens to US firms, both at the tech titans and ‘mom and pop’ ends of the spectrum.
But at the same time, there is a groundswell of attention being paid to the idea of a GDPR-US, fuelled in large part by the various Facebook scandals of recent times. There is a mood among the public that things have gotten out of hand. Consider the findings of a recent survey of 1000 adults by NBC News and The Wall Street Journal which makes for depressing reading for the social media giants.
Nearly two thirds (60%) of respondents don’t trust in Facebook to oversee their private data, well ahead of 37% who don’t trust Google and 28% with the same view of Amazon. (Mind you, 38% don’t trust the Federal Government with their data, so there’s little room for legislators to feel smug!).
Meanwhile 57% say that tech giants like Facebook and Twitter do more to divide the nation than unite it while 55% buy into the Trump Fake News doctrine and believe say social media platforms spread lies and falsehoods.
There have been rallying cries from the tech sector for regulation, led by the likes of Salesforce CEO Marc Benioff, who has been perhaps the most outspoken to date, as well as Apple’s Tim Cook and Microsoft’s Satya Nadella. And of course most recently there’s been the Damascene conversion of a publicly penitent Mark Zuckerberg asking for an regulatory intervention to save Facebook from itself.
Tone
So the time is ripe perhaps for action - or at least for progress towards action. Against that backdrop, it’s also a time for the Europeans not to get too many backs up in Washington circles and to wind down some of the more shrill demands that have been heard in the past.
Certainly when Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, spoke at the Brookings Institution last week, it was a speech couched in calls for co-operation and for Europe to be “an inspiration for the current US debate”, rather than issuing demands for action:
I want to see Europe and America working together because we are democratic societies built on similar values, and we are exposed to similar problems.
But she made it clear that Europe wants to see more urgency from the US side:
I came to the US to share a European view on some of these issues, but also with a strong call to our American allies that it is time to shift up the gear, to work together and to become global rule maker, rather than wait on the sidelines and become a rule taker.
That said, it was clear that Jourová isn’t impressed by the current position:
Today I see two camps, globally: a people-friendly camp that understands that we should have more control over our data including in the online environment. A camp that shares the view that all players, including governments, have to respect limitations when it comes to the processing of personal data and be transparent. Europe is a proud member of this club because it is based on our values; on who we are.
And there is the other camp that has a lax approach to privacy, prioritizes uninhibited and uncontrolled access to data in the name of business or government interests.
I would want the US to join us in the first camp.
Topping that off, there was criticism of “the power of data hungry tech giants” that’s unlikely to sit well with a MAGA mindset:
Modern Europe, like the United States, has been built on a solid foundation of democracy, freedom, fairness and the rule of law. Digital or not - for values this should not matter. Technology is a means to an end, not an end itself. It should serve the people. Yet, many of the tech champions were labelled as the disruptors, sometimes disregarding even those core values. The only long-term solution I see is for a democratic society to reassert control of this process and put people at the centre of the technological revolution.
But that’s going to mean more decisive action in the US. Or as the Commissioner told reporters later:
I would like to see the law in the United States as soon as possible.
My take
Jourová may be waiting some time. It’s not that there isn’t, as noted, a rising interest in some form of GDPR avatar at Federal Government level. In fact there are almost too many activist groups in the debate to keep up with.
The most recent takes the form of the Privacy for America coalition which is made up of private sector marketing and media groups, such as the American Association of Advertising Agencies, the Association of National Advertisers (ANA) and market research lobbyists, the Insights Association. Like other such alliances, Privacy for America wants to work with Congress to shape new data privacy legislation.
Meanwhile in Congress itself Senator Edward Markey has introduced the Privacy Bill of Rights Act, which would require organizations obtain opt-in consent from individuals before data collection; mandate companies only collect necessary data; prohibit companies from using an individual’s personal data in discriminatory ways; and compel them only to collect data from consumers to provide requested services. Markey says:
America’s laws have failed to keep pace with the unprecedented use of consumers’ data and the consistent cadence of breaches and privacy invasions that plague our economy and society. I have long advocated for privacy protections that include the principles of knowledge, notice and the right to say ‘no’ to companies that want our information. But it is increasingly clear that a true 21st century comprehensive privacy bill must do more than simply enshrine notice and consent standards. My Privacy Bill of Rights Act puts discriminatory data uses out of bounds and tells companies that they can only collect the information that is necessary to provide the product or service requested by the consumer.
Those are words and ambitions that are undoubtedly music to Jourová’s ears. But there’s a long, long way to go before they translate into regulatory and legislative reality.